Description
The article describes how to alter the default login-attempt-limit and login-block-time for SSL VPN users.
Solution
The default login-attempt-limit for SSL VPN users is 2 and the login-block-time is 60 seconds.
This indicates if user enters incorrect username/password combinations continuously twice, the firewall will block attempts and prompt with message as 'Too many bad attempts. Please try again in few minutes'.
Now, user has to wait for 60 seconds to try login again .
To increase or alter the value, configure the desired values using CLI as below.
The same as above in writing.
The article describes how to alter the default login-attempt-limit and login-block-time for SSL VPN users.
Solution
The default login-attempt-limit for SSL VPN users is 2 and the login-block-time is 60 seconds.
This indicates if user enters incorrect username/password combinations continuously twice, the firewall will block attempts and prompt with message as 'Too many bad attempts. Please try again in few minutes'.
Now, user has to wait for 60 seconds to try login again .
To increase or alter the value, configure the desired values using CLI as below.
#config vpn ssl settingsThe above config will help in preventing brute force attacks through SSL VPN.
set login-attempt-limit x <----- Replace number of attempt to allow in place of x.
set login-block-time y <----- Replace number of seconds to block attempt in place of y.
end
